US Defence Secretary Leon Panetta has put out a stark warning on cyber security, claiming the country could be hit by a cyber equivalent of 9/11 or Pearl Harbour.
Panetta, speaking at the Business Executives for National Security (BENS) in New York, said recent events, including the distributed denial of service (DDoS) attacks on US banks and the hit on oil giant Saudi Aramco, had indicated how severe the problem had become.
He said the Shamoon virus, which was used to knock 30,000 Aramco machines offline, was “probably the most destructive attack that the private sector has seen to date”.
“The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time in combination with a physical attack on our country,” Panetta added.
According to a video posted online by IDG, the defence secretary said a cyber attack carried out by nation states or violent extremist groups “could be as destructive as the terrorist attack on 9/11”.
“Such a destructive cyber terrorist attack could virtually paralyse the nation,” he added, claiming “foreign cyber actors are probing US critical infrastructure networks”, targeting control systems that operate chemical, water and electricity plants and those that guide transport.
Panetta pointed to specific instances where intruders successfully gained access to those control systems, as they seek to cause panic, destruction and even loss of life.
Attackers could derail passenger trains or those loaded with lethal chemicals, or contaminate water supply and shut down the power grid, he suggested, noting that the US would respond if such a serious strike hit.
Government officials have been accused of over-inflating the risk before, and Panetta’s comments may draw scepticism from some corners.
Nevertheless, nation states across the globe are believed to be ramping up offensive cyber security efforts. Germany reportedly set up a cyber warfare unit earlier this year, which will have a strong focus on defending attacks from China.
But it’s the US, which splashes more funds on defence than the next top 14 spenders combined, that appears to have been the most active in the cyber attack space. The US and Israel were believed to be behind the Stuxnet worm, which caused disruption at Iranian nuclear facilities.
They were also believed to be behind the highly-sophisticated Flame cyber espionage tool, which targeted countries in the Middle East.
The US’ National Security Agency (NSA) also recently set up a Cyber Exploitation Corps Development Program (CECDP). It was looking for recruits this summer, as it looks to boost its Computer Network Operations (CNO) mission, which is looking into network defense, network attack, and computer network exploitation.
US military contractor Northtop Grumman was looking for a cyber software engineer to “plan, execute and assess an Offensive Cyberspace Operation (OCO) mission” earlier this year too.
And America reserves the right to respond to cyber attacks with physical force. “If we detect something that causes destruction – we need to have the option to take action against those who attack us,” Panetta added.
“For these kinds of scenarios the department has developed the capability to conduct effective operations to counter threats to our national interests in cyber space. We will only do so to defend our nation, to defend our interests and defend our allies.”
Are you a security guru? Try our quiz!